What you need to know
- 17 apps have been removed from the App Store.
- The iPhone apps were found to contain malware.
- The apps covered a wide range of categories.
Apple has confirmed that it has removed as many as 17 apps from the App Store after it was found that they contained malware. Those apps all went through the App Store review process with no issues identified at the time.
Instead, the apps were found by mobile security firm Wandera (via ZDNet). All of the apps functioned as they said they would but also had malware running in the background.
The clicker trojan module discovered in this group of applications is designed to carry out ad fraud-related tasks in the background, such as continuously opening web pages or clicking links without any user interaction.
The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network.
Even though no data or financial theft took place, users would have been impacted by the trojan. People with these apps installed might have noticed their iPhone battery draining more quickly than usual. Or it might simply have performed more slowly than expected.
Worryingly, Wandera says that the apps didn't contain the maliscious code but rather received it via a request to a web server. That means there was no way for Apple's App Store review process to spot the malware until the apps were already available. That, in theory, means this could happen again.
The apps communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue...
Command & Control enables bad apps to bypass security checks because it activates a communication channel directly with the attacker that is not within Apple's view. C&C channels can be used to distribute ads (like the ones used by the iOS Clicker Trojan), commands, and even payloads (such as a corrupt image file, a document or more). Simply put, C&C infrastructure is a 'backdoor' into the app which can lead to exploitation if and when a vulnerability is discovered or when the attacker chooses to activate additional code that may be hidden in the original app.
All of the affected apps were from AppAspect Technologies. Those apps were:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
If you have any of those installed we'd suggest removing them ASAP.
Review: EarFun Free Pro noise-canceling wireless earbuds are well-priced
Looking for truly wireless noise-canceling headphones that won't break the bank? Check out EarFun Free Pro wireless earbuds.
Tim Cook called to EU hearing on power of big tech, February 1
Tim Cook has been invited to an EU hearing on the power of U.S. tech giants on February 1, alongside Jeff Bezos, Sundar Pichai, and Mark Zuckerberg.
Google Drive File Stream will get M1 support in April
Google Drive File Stream will reportedly get support for Apple's M1 chip and Apple silicon in April.
Webcam hacking is real, but you can protect yourself with a privacy cover
Worried people might be looking in through your webcam on your MacBook? No worries! Here are some great privacy covers that will protect your privacy.